Uncontrolled Search Path Element Vulnerability in Adobe ColdFusion
CVE-2026-48364
8.2HIGH
What is CVE-2026-48364?
Adobe ColdFusion versions 2025.9, 2023.20, and earlier are susceptible to an Uncontrolled Search Path Element vulnerability. This flaw could enable attackers to execute arbitrary code within the context of the current user if they can convince them to open a specially crafted file. This highlights the importance of user education and secure coding practices to mitigate the risks associated with such vulnerabilities.
Affected Version(s)
ColdFusion 0 <= 2025.9
ColdFusion 0 <= 2025.9
ColdFusion 0 <= 2023.20